Once upon a time…
I touched on this story in my article, Firefox Configuration Guide for Privacy Freaks and Performance Buffs, but i wanted to give it a dedicated page and expand on it because i keep coming across bits of information which seem to verify something i was told long ago regarding encryption.
Somewhere around 2002 i sold a PC to a very nice older fella who said he had worked for the government either directly or as a contractor. I don’t recall which and he didn’t state what department he worked for. He said he had a security clearance and, as i recall, it was a crypto clearance. He left me with the strong impression that he wasn’t going to provide a lot of detail as to what exactly he did, however i had no reason to disbelieve anything he said since he seemed genuine and very matter-of-fact. Our time together was short because he had to be somewhere, but we chatted a while and he touched upon some very interesting topics that i wanted to know more about and so i suggested we continue our conversation through encrypted email. He looked at me and responded with, “Encryption is useless.” Those words stuck with me ever since.
Obviously encryption is not useless, but i suspect what he meant was that the “intelligence” community has the ability to break possibly any encryption that existed at the time. While i was somewhat skeptical about his statement, that skepticism has since evaporated. First of all we have to consider the computing power that the intelligence communities have access to. Let’s assume that you’re encrypting an email using some supposedly highly secure encryption algorithm along with a very long and secure passphrase, and let’s further assume that it would take roughly 10,000 years for the average computer to break it. Would you feel confident using such encryption? Well, what happens if that code breaking computer is 100,000 times more powerful than your PC? And what if you chain together 100 of those computers? Breaking that encryption may now be possible in a few hours or seconds. Does the NSA not have access to computers that are orders of magnitude more powerful than anything in the public sphere? And what might they have that we don’t know about? Without knowing that, i don’t think it’s safe to assume anything regardless of the source.
Whether encryption is useless or not depends upon the threat we want to mitigate. For example, if you wanted to download copyrighted content whilst avoiding having your ISP send you nasty-grams, then encryption is certainly not useless. However given what i have read and heard over the years, i strongly suspect that encryption is not effective if, for example, it is the NSA that decides to target you and i think that multiple statements and documents released by Edward Snowden and Bill Binney support this. There is perhaps another possibility here though. What if, as some suspect, Snowden was allowed to leak what he did, sort of as a limited hangout? Personally i think Snowden is genuine, but that doesn’t mean that the information in the documents he released wasn’t intended to be released. Furthermore, there is certainly classified and compartmentalized technology that Snowden knows nothing about. What if the U.S. intelligence community wanted to quell a potential uprising by ‘we the people’? It is apparently a historic fact that one way to accomplish this is to make people think they are being surveilled which, in turn, compromises their ability to communicate effectively due to self-censorship. While i think we can be reasonably certain that everything we say or do online, or while in the presence of a smartphone, can be spied upon and stored indefinitely, how does one process such a vast amount of data? Both Binney and Snowden also raise this question and have stated that the massive, ongoing and patently illegal and unconstitutional data collection practices as employed by intelligence communities are not effective in preventing threats because of the wide net they cast.
In closing i would say that it doesn’t matter if the threat is real or not, or whether strong encryption can be broken or not. Since we simply cannot know for certain in all cases, we must assume the threats could be credible. Nevertheless, i think that activists, journalists, whistle-blowers and everyone else should never be dissuaded from communicating, though i do think we need to be aware of the potential threats.
Resources used to write this article
- Researchers crack the world’s toughest encryption by listening to the tiny sounds made by your computer’s CPU | ExtremeTech
- How secure is today’s encryption against quantum computers? | betanews
- Revealed: how US and UK spy agencies defeat internet privacy and security | The Guardian
- The NSA Can Beat Almost Any Type of Encryption | Gizmodo
- N.S.A. Able to Foil Basic Safeguards of Privacy on Web | The New York Times
- The Clock Is Ticking for Encryption | Computerworld
- NSA Utah Data Center – Serving Our Nation’s Intelligence Community | NSA
- Had a copyright letter from your ISP? Do tell… | The Guardian
- NSA Whistleblower: Government Collecting Everything You Do | Abby Martin, Empire Files